drg_cms 0.5.52.12 → 0.6.0.8

data/app/assets/stylesheets/drg_cms/jstree.css

@@ -189,6 +189,9 @@
   border: 0;
   box-shadow: 0 0 0;
 }
+.vakata-context .vakata-contextmenu-disabled > a > i {
+  filter: grayscale(100%);
+}
 .vakata-context li > a > i {
   text-decoration: none;
   display: inline-block;
@@ -554,9 +557,6 @@
   text-overflow: ellipsis;
   overflow: hidden;
 }
-.jstree-default .jstree-ellipsis.jstree-no-icons .jstree-anchor {
-  width: calc(100% - 5px);
-}
 .jstree-default.jstree-rtl .jstree-node {
   background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAACAQMAAAB49I5GAAAABlBMVEUAAAAdHRvEkCwcAAAAAXRSTlMAQObYZgAAAAxJREFUCNdjAAMOBgAAGAAJMwQHdQAAAABJRU5ErkJggg==");
 }
@@ -738,9 +738,6 @@
   text-overflow: ellipsis;
   overflow: hidden;
 }
-.jstree-default-small .jstree-ellipsis.jstree-no-icons .jstree-anchor {
-  width: calc(100% - 5px);
-}
 .jstree-default-small.jstree-rtl .jstree-node {
   background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAACAQMAAABv1h6PAAAABlBMVEUAAAAdHRvEkCwcAAAAAXRSTlMAQObYZgAAAAxJREFUCNdjAAMHBgAAiABBI4gz9AAAAABJRU5ErkJggg==");
 }
@@ -922,9 +919,6 @@
   text-overflow: ellipsis;
   overflow: hidden;
 }
-.jstree-default-large .jstree-ellipsis.jstree-no-icons .jstree-anchor {
-  width: calc(100% - 5px);
-}
 .jstree-default-large.jstree-rtl .jstree-node {
   background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAACAQMAAAAD0EyKAAAABlBMVEUAAAAdHRvEkCwcAAAAAXRSTlMAQObYZgAAAAxJREFUCNdjgIIGBgABCgCBvVLXcAAAAABJRU5ErkJggg==");
 }
@@ -1012,13 +1006,13 @@
     background: transparent;
   }
   .jstree-default-responsive .jstree-open > .jstree-ocl {
-    background-position: 0 0px !important;
+    background-position: 0 0 !important;
   }
   .jstree-default-responsive .jstree-closed > .jstree-ocl {
     background-position: 0 -40px !important;
   }
   .jstree-default-responsive.jstree-rtl .jstree-closed > .jstree-ocl {
-    background-position: -40px 0px !important;
+    background-position: -40px 0 !important;
   }
   .jstree-default-responsive .jstree-themeicon {
     background-position: -40px -40px;
@@ -1105,4 +1099,4 @@
     margin-left: 0;
     margin-right: 0;
   }
-}
+}

data/app/assets/stylesheets/drg_cms/select-multiple.css

@@ -1,5 +1,5 @@
 .ms-container{
-  width: 200px;
+  max-width: 200px;
 }
 
 .ms-container:after{
@@ -28,10 +28,10 @@
   -ms-transition: border linear 0.2s, box-shadow linear 0.2s;
   -o-transition: border linear 0.2s, box-shadow linear 0.2s;
   transition: border linear 0.2s, box-shadow linear 0.2s;
-  border: 2px solid #ddd;
-  -webkit-border-radius: 3px;
-  -moz-border-radius: 3px;
-  border-radius: 3px;
+  border: 1px solid #ddd;
+  -webkit-border-radius: 1px;
+  -moz-border-radius: 1px;
+  border-radius: 1px;
   position: relative;
   height: 200px;
   padding: 0;
@@ -39,12 +39,9 @@
 }
 
 .ms-container .ms-list.ms-focus{
-  border-color: rgba(82, 168, 236, 0.8);
-  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6);
-  outline: 0;
-  outline: thin dotted \9;
+  border: 1px solid rgba(76,154,255, 1);
+  outline: 1px solid rgba(76,154,255, 1);
+  border-radius: 1px;
 }
 
 .ms-container ul{
@@ -65,12 +62,15 @@
 }
 
 .ms-container .ms-selectable li.ms-elem-selectable{
-  border-bottom: 1px #eee solid;
   padding: 2px 10px;
-  color: #555;
+  color: #444;
   font-size: 14px;
 }
 
+.ms-container .ms-selectable li:nth-child(odd) {
+  background-color: #f4f4f4;
+}
+
 .ms-container .ms-selectable li.ms-hover{
   cursor: pointer;
   color: #fff;
@@ -88,6 +88,12 @@
   display: none;
 }
 
+
+.ms-container .ms-selected {
+  font-weight: 600;
+}
+
 .pull-right.ms-elem-selected{
   float: right;
+  font-size: smaller;
 }

data/app/assets/stylesheets/drg_cms_cms.css

@@ -19,4 +19,4 @@
 */
 
 /* Required for link buttons to look alike */
-.dc-link a, .dc-link-submit input {font-weight: bold; font-size: 12px; }   
+.dc-link a, .dc-link-submit input {font-weight: 600; }   

data/app/controllers/cmsedit_controller.rb

@@ -1,4 +1,3 @@
-#coding: utf-8
 #--
 # Copyright (c) 2012+ Damjan Rems
 #
@@ -76,185 +75,21 @@
 # If filter method returns false user will be presented with flash error.
 ########################################################################
 class CmseditController < DcApplicationController
-before_action :check_authorization, :except => [:login, :logout]
+before_action :check_authorization, :except => [:login, :logout, :test, :run]
 before_action :dc_reload_patches if Rails.env.development?
+protect_from_forgery with: :null_session, only: Proc.new { |c| c.request.format.json? }
   
 layout 'cms'
 
 ########################################################################
-# Will check and set sorting options for current result set. Subroutine of index method.
-########################################################################
-def check_sort_options() #:nodoc:
-  table_name = @tables.first[1]
-  old_sort = session[table_name][:sort].to_s
-  sort, direction = old_sort.split(' ')
-# sort is requested
-  if params['sort']
-    # reverse sort if same selected
-    if params['sort'] == sort
-      direction = (direction == '1') ? '-1' : '1'
-    end
-    direction ||= 1
-    sort = params[:sort]
-    session[table_name][:sort] = "#{params['sort']} #{direction}"
-    session[table_name][:page] = 1
-  end
-  @records.sort( sort => direction.to_i ) if session[table_name][:sort]
-  params['sort'] = nil # otherwise there is problem with other links
-end
-
-########################################################################
-# Set aditional filter options when filter is defined by filter method in control object.
-########################################################################
-def user_filter_options(model) #:nodoc:
-  table_name = @tables.first[1]
-  if session[table_name]
-    DcFilter.get_filter(session[table_name][:filter]) || model
-  else
-    model
-  end
-end
-
-########################################################################
-# Will set session[table_name][:filter] and save last filter settings to session.
-# subroutine of check_filter_options.
-########################################################################
-def set_session_filter(table_name)
-  if params[:filter] == 'off' # clear all values
-    session[table_name][:filter] = nil
-    return
-  end
-
-  filter_value = if params[:filter_value].nil?
-# NIL indicates that no filtering is needed        
-    '#NIL'
-  else     
-    if params[:filter_value].class == String and params[:filter_value][0] == '@'
-# Internal value. Remove leading @ and evaluate expression
-      expression = DcInternals.get(params[:filter_value])
-      eval(expression) rescue nil
-    else
-# No filter when empty      
-      params[:filter_value] == '' ? '#NIL' : params[:filter_value] 
-    end
-  end
-# if filter field parameter is omitted then just set filter value
-  session[table_name][:filter] =
-  if params[:filter_field].nil?
-    saved = YAML.load(session[table_name][:filter])
-    saved['value'] = filter_value
-    saved.to_yaml
-  else 
-# As field defined. Split name and alternative input field
-    field = if params[:filter_field].match(' as ')
-      params[:filter_input] = params[:filter_field].split(' as ').last.strip
-      params[:filter_field].split(' as ').first.strip
-    else
-      params[:filter_field]
-    end
-#    
-    {'field'     => field, 
-     'operation' => params[:filter_oper], 
-     'value'     => filter_value,
-     'input'     => params[:filter_input],
-     'table'     => table_name }.to_yaml
-  end
-# must be. Otherwise kaminari includes parameter on paging
-   params[:filter]        = nil 
-   params[:filter_id]     = nil 
-   params[:filter_oper]   = nil  
-   params[:filter_input]  = nil 
-   params[:filter_field]  = nil 
-end
-
-########################################################################
-# Will check and set current filter options for result set. Subroutine of index method.
-########################################################################
-def check_filter_options() #:nodoc:
-  table_name = @tables.first[1]
-  model      = @tables.first[0]
-  session[table_name] ||= {}
-# process page
-  session[table_name][:page] = params[:page] if params[:page]
-# new filter is applied
-  if params[:filter]
-    set_session_filter(table_name)
-    session[table_name][:page] = 1
-  end
-# if data model has field dc_site_id ensure that only documents which belong to the site are selected.
-  site_id = dc_get_site._id if dc_get_site
-# dont't filter site if no dc_site_id field or user is ADMIN
-  site_id = nil if !model.method_defined?('dc_site_id') or dc_user_can(DcPermission::CAN_ADMIN)
-  site_id = nil if session[table_name][:filter].to_s.match('dc_site_id')
-#  
-  if @records = DcFilter.get_filter(session[table_name][:filter])
-    @records = @records.and(dc_site_id: site_id) if site_id
-  else
-    @records = if site_id
-      model.where(dc_site_id: site_id)
-    else
-      model
-    end
-  end
-=begin  
-# TODO Use only fields requested. Higly experimental but necessary in some scenarios
-  if (columns = @form['result_set']['columns'])
-    cols = []
-    columns.each { |k,v| cols << v['name'] }
-    p '*',cols,'*'
-    @records = @records.only(cols)
-  end
-=end  
-# pagination if required
-  per_page = (@form['result_set']['per_page'] || 30).to_i
-  if per_page > 0
-    @records = @records.page(session[table_name][:page]).per(per_page)
-  end
-end
-
-########################################################################
-# Index action.
+# Index action 
 ########################################################################
 def index
-# If result_set is not defined on form, then it will fail. :return_to should know where to go
-  if @form['result_set'].nil?
-    return process_return_to(params[:return_to] || 'reload') 
-  end
-# for now enable only filtering of top level documents
-  if @tables.size == 1 
-    check_filter_options()
-    check_sort_options()
-  end  
-# result set is defined by filter method in control object
-  if @form['result_set']['filter']
-    if respond_to?(@form['result_set']['filter'])
-      @records = send @form['result_set']['filter']
-# something iz wrong. flash[] should have explanation.
-      if @records.class == FalseClass
-        @records = []
-        return render(action: :index)
-      end
-# pagination but only if not already set
-      unless (@form['table'] == 'dc_memory' or @records.options[:limit])
-        per_page = (@form['result_set']['per_page'] || 30).to_i
-        @records = @records.page(params[:page]).per(per_page) if per_page > 0
-      end
-    else
-      Rails.logger.error "Error: result_set:filter: #{@form['result_set']['filter']} not found in controls!"
-    end
-  else
-    if @tables.size > 1 
-      rec = @tables.first[0].find(@ids.first)          # top most document.id
-      1.upto(@tables.size - 2) { |i| rec = rec.send(@tables[i][1].pluralize).find(@ids[i]) }  # find embedded childrens by ids
-      @records = rec.send(@tables.last[1].pluralize)   # current embedded set
-# sort by order if order field is present in model
-      if @tables.last[1].classify.constantize.respond_to?(:order)
-        @records = @records.order_by('order asc')
-      end
-    end
-  end
-#
-  call_callback_method('dc_footer')
+  @form['result_set'] ||= {}
+  redirected = (@form['table'] == 'dc_memory' ? process_in_memory : process_collections)
+  return if redirected
+#  
+  call_callback_method(@form['result_set']['footer'] || 'dc_footer')
   respond_to do |format|
     format.html { render action:  :index }
     format.js   { render partial: :result }
@@ -293,8 +128,12 @@ end
 # Login can be called directly with url http://site.com/cmsedit/login
 ########################################################################
 def login
-  session[:edit_mode] = 0 unless params[:ok]
-  render action: 'login', layout: 'cms'
+  if    params[:id] == 'test' then set_test_site
+  elsif params[:ok]           then render action: 'login', layout: 'cms' 
+  else
+    session[:edit_mode] = 0
+    render action: 'login', layout: 'cms'
+  end
 end
 
 ########################################################################
@@ -308,6 +147,24 @@ def logout
   render action: 'login', layout: 'cms'
 end
 
+########################################################################
+# Logout action. Used to logout direct from CMS.
+# 
+# Logout can be called directly with url http://site.com/cmsedit/logout
+########################################################################
+def set_test_site 
+  # only in development
+  return dc_render_404 if !Rails.env.development?
+  alias_site = DcSite.find_by(:name => params[:site])
+  return dc_render_404 unless alias_site
+  # update alias for  
+  site           = DcSite.find_by(:name => 'test')
+  site.alias_for = params[:site]
+  site.save
+  # redirect to root  
+  redirect_to '/'
+end
+
 ########################################################################
 # New action.
 ########################################################################
@@ -339,7 +196,8 @@ def new
     end
   end
 # This is how we set default values for new record
-  dc_new_record() if respond_to?('dc_new_record') 
+  #dc_new_record() if respond_to?('dc_new_record') 
+  if (m = callback_method('new_record') ) then call_callback_method(m)  end
   @parms['action'] = 'create'
 end
 
@@ -364,6 +222,8 @@ def duplicate_embedded(source) #:nodoc:
       dest[attribute_name] << ' dup' if add_duplicate
     end
   end
+  dest['created_at'] = Time.now if dest['created_at']
+  dest['updated_at'] = Time.now if dest['updated_at']
   dest
 end
 
@@ -388,6 +248,8 @@ def duplicate_document(source)
       dest[embedded_name] << duplicate_embedded(embedded)
     end
   end
+  dest['created_at'] = Time.now if dest['created_at']
+  dest['updated_at'] = Time.now if dest['updated_at']
   dest
 end
 
@@ -411,16 +273,16 @@ def create
     session[:form_time_stamp] = params[:form_time_stamp]
 #    
     create_new_empty_record
-    params[:return_to] = 'index' if params[:commit] == t('drgcms.save&back') # save & back
     if save_data
-      flash[:info]    = t('drgcms.doc_saved')
+      flash[:info] = t('drgcms.doc_saved')
+      params[:return_to] = 'index' if params[:commit] == t('drgcms.save&back') # save & back
       return process_return_to(params[:return_to]) if params[:return_to]
       
       @parms['id']     = @record.id     # must be set, for proper update link
       params[:id]      = @record.id     # must be set, for find_record
       edit
-      #      render action: :edit
     else # error
+      return process_return_to(params[:return_to]) if params[:return_to]
       render action: :new
     end
   else # duplicate record
@@ -444,7 +306,7 @@ def edit
     ret = call_callback_method(m)
 # Don't do anything if return is false
     return index if ret.class == FalseClass
-  end  
+  end
   @parms['action'] = 'update'
   render action: :edit
 end
@@ -471,7 +333,13 @@ def update
       params[:return_to] = 'index' if params[:commit] == t('drgcms.save&back') # save & back
       @parms['action'] = 'update'
 # Process return_to link
-      return process_return_to(params[:return_to]) if params[:return_to]      
+      return process_return_to(params[:return_to]) if params[:return_to]
+    else
+      # do not forget before_edit callback
+      if m = callback_method('before_edit')
+        call_callback_method(m)
+      end
+      return render action: :edit
     end
   else
     flash[:error] = t('drgcms.not_authorized')
@@ -505,6 +373,7 @@ def destroy
   when !ok2delete then
     flash[:error] = t('drgcms.not_authorized')
     return index
+    
   when params['operation'].nil? then
 # Process before delete callback
     if (m = callback_method('before_delete') )
@@ -517,13 +386,18 @@ def destroy
       save_journal(:delete)
       flash[:info] = t('drgcms.record_deleted')
 # Process after delete callback
-      if (m = callback_method('after_delete') ) then call_callback_method(m) end
+      if (m = callback_method('after_delete') ) 
+        call_callback_method(m)
+      elsif params['after-delete'].to_s.match('return_to')
+        params[:return_to] = params['after-delete']
+      end
 # Process return_to link
       return process_return_to(params[:return_to]) if params[:return_to]
     else
       flash[:error] = dc_error_messages_for(@record)
     end
     return index
+    
 # deaktivate document    
   when params['operation'] == 'disable' then
     if @record.respond_to?('active')
@@ -533,6 +407,7 @@ def destroy
       @record.save
       flash[:info] = t('drgcms.doc_disabled')
     end
+    
 # reaktivate document
   when params['operation'] == 'enable' then
     if @record.respond_to?('active')
@@ -542,31 +417,91 @@ def destroy
       @record.save
       flash[:info] = t('drgcms.doc_enabled')
     end
+
+# reorder documents
+  when params['operation'] == 'reorder' then
+
   end
 #
   @parms['action'] = 'update'
   render action: :edit
 end
 
+########################################################################
+# Run action
+########################################################################
+def run
+  # determine control file name and method
+  control_name, method_name = params[:control].split('.')
+  if method_name.nil?
+    method_name  = control_name
+    control_name = params[:table]   
+  end
+  # extend with control methods
+  extend_with_control_module(control_name)
+  if respond_to?(method_name)
+    # can it be called
+    return return_run_error t('drgcms.not_authorized') unless can_process_run
+    # call method
+    respond_to do |format|
+      format.json { send method_name }
+      format.html { send method_name }
+    end    
+  else # Error message
+    return_run_error "Method #{method_name} not defined in #{control_name}_control"
+  end
+end
+
 protected
 
-=begin
 ########################################################################
-# Processes on_save_ok form directive. Data is saved to session for
-# safety reasons.
+# Respond with error on run action
 ########################################################################
-def process_on_save_ok
-  session[:on_save_ok_id]     = @record_id
-  session[:on_save_ok_commit] = params[:commit]
-  eval(params[:on_save_ok])
+def return_run_error(text)
+  respond_to do |format|
+    format.json { render json: { msg_error: text } }
+    format.html { render plain: text }
+  end
+end
+
+########################################################################
+# Can run call be processed
+########################################################################
+def can_process_run
+  if respond_to?(:dc_can_process)
+    response = send(:dc_can_process)
+    return response unless response.class == Array
+  else
+    response = [DcPermission::CAN_VIEW, params[:table] || 'dc_memory']
+  end
+  dc_user_can *response
+end
+
+########################################################################
+# Checks if user has permissions to perform operation on table and if not
+# prepares response for not authorized message.
+#
+# @param [Integer] permission : Permission level defined in DcPermission constants eg. DcPermission::CAN_EDIT
+# @param [String] collection_name : Table name on which user must have permission
+#
+# @return [Boolean] true when user has required permission otherwise false
+########################################################################
+def user_has_permission?(permission, collection_name)
+  unless dc_user_can(permission, collection_name.to_s)
+    respond_to do |format|
+      format.json { render json: {msg_error: t('drgcms.not_authorized') } }
+      format.html { render plain: t('drgcms.not_authorized') }
+    end
+    return false
+  end
+  true
 end
-=end
 
 ########################################################################
 # Merges two forms when current form extends other form. Subroutine of read_drg_cms_form.
 # With a little help of https://www.ruby-forum.com/topic/142809 
 ########################################################################
-def forms_merge(hash1, hash2) 
+def forms_merge(hash1, hash2)
   target = hash1.dup
   hash2.keys.each do |key|
     if hash2[key].is_a? Hash and hash1[key].is_a? Hash
@@ -579,30 +514,77 @@ def forms_merge(hash1, hash2)
   target.delete_if{ |k,v| v.nil? }
 end
 
+########################################################################
+# Extends DRGCMS form file. Extended file is processed first and then merged
+# with code in this form file. Form can extend only single form file.
+# 
+# [Parameters:]
+# [extend_option] : Value of @form['extend'] option
+########################################################################
+def extend_drg_cms_form(extend_option)
+  form_file_name = dc_find_form_file(extend_option) 
+  @form_js << read_js_drg_cms_form(form_file_name)
+  form  = YAML.load_file( form_file_name )
+  @form = forms_merge(form, @form)
+# If combined form contains tabs and fields options, merge fields into tabs
+  if @form['form']['tabs'] and @form['form']['fields']
+    @form['form']['tabs']['fields'] = @form['form']['fields']
+    @form['form']['fields'] = nil
+  end
+end
+
+########################################################################
+# Include code from another DRGCMS form file. Included code is merged
+# with current form file code. Form can include more than one other DRGCMS forms.
+# 
+# [Parameters:]
+# [include_option] : Value of @form['include'] option
+########################################################################
+def include_drg_cms_form(include_option)
+  includes = include_option.class == Array ? include_option : include_option.split(/\,|\;/)
+  includes.each do |include_file|
+    form_file_name = dc_find_form_file(include_file)    
+    @form_js << read_js_drg_cms_form(form_file_name)
+    form  = YAML.load_file(form_file_name)    
+    @form = forms_merge(@form, form)
+  end
+end
+
+########################################################################
+# Will read data from form_file_name.js if it exists.
+# 
+# [Parameters:]
+# [form_file_name] : Physical form filename
+########################################################################
+def read_js_drg_cms_form(form_file_name)
+  js_form_file_name = form_file_name.sub('.yml','.js')
+  File.read(js_form_file_name) rescue ''
+end
+
 ########################################################################
 # Read drgcms form into yaml object. Subroutine of check_authorization.
 ########################################################################
 def read_drg_cms_form
   table_name = decamelize_type(params[:table].strip)
-  @tables = table_name.split(';').inject([]) { |r,v| r << [v.classify.constantize, v] }
+  @tables = table_name.split(';').inject([]) { |r,v| r << [(v.classify.constantize rescue nil), v] }
 # split ids passed when embedded document
   ids = params[:ids].to_s.strip.downcase
   @ids = ids.split(';').inject([]) { |r,v| r << v }
-# formname defaults to last table specified
-  dc_deprecate("Parameter :formname will be deprecated in future. Use :form_name instead") if params[:formname]
+# form_name defaults to last table specified
   form_name = params[:form_name] || @tables.last[1]
-  @form  = YAML.load_file( dc_find_form_file(form_name) ) rescue nil
-  return unless @form
-# when form extends another form file. 
-  if @form['extend']
-    form = YAML.load_file( dc_find_form_file(@form['extend']) )
-    @form = forms_merge(form, @form)
-# If combined form contains tabs and fields options, merge fields into tabs
-    if @form['form']['tabs'] and @form['form']['fields']
-      @form['form']['tabs']['fields'] = @form['form']['fields']
-      @form['form']['fields'] = nil
-    end
+  @form_js = ''
+# dynamicaly generated form  
+  @form = if params[:form_name] == 'method'
+    dc_eval_class_method(params[:form_method], params)
+  else
+    form_file_name = dc_find_form_file(form_name)
+    @form_js = read_js_drg_cms_form(form_file_name)
+    YAML.load_file(form_file_name)
   end
+# form includes or extends another form file
+  include_drg_cms_form(@form['include']) if @form['include']
+  extend_drg_cms_form(@form['extend'])   if @form['extend']
+  @form['script'] = (@form['script'].blank? ? @form_js : @form['script'] + @form_js)
 # add readonly key to form if readonly parameter is passed in url
   @form['readonly'] = 1 if params['readonly'] #and %w(1 yes true).include?(params['readonly'].to_s.downcase.strip)
 # !!!!!! Always use strings for key names since @parms['table'] != @parms[:table]
@@ -612,38 +594,63 @@ def read_drg_cms_form
            }
 end
 
+############################################################################
+# Load module if available. Try not to mask errors in control module
+############################################################################
+def load_controls_module(controls_string)
+  begin
+    controls_string.classify.constantize
+  rescue NameError => e
+    return nil if e.message.match('uninitialized constant') || e.message.match('wrong constant name')
+    # report errors when loading existing module
+    raise e
+  end
+end
+
+############################################################################
+# Dynamically extend cmsedit class with methods defined in controls module.
+############################################################################
+def extend_with_control_module(control_name = @form['controls'] || @form['control'])
+  # May include embedded forms so ; => _
+  control_name ||= params[:table].gsub(';','_')
+  control_name += '_control' unless control_name.match(/control$|report$/i)
+  # p '************',  control_name
+  controls = load_controls_module(control_name)
+  if controls
+    # extend first with dc_report when report
+    if control_name.match(/report$/i)
+      extend DcReport
+      init_report(control_name)
+    end
+    extend controls
+    # Form may be dynamically updated before processed
+    send(:dc_update_form) if respond_to?(:dc_update_form)
+  end
+end
+
 ############################################################################
 # Check if user is authorized for the action. If authorization is in order it will also
 # load DRG form.
 ############################################################################
 def check_authorization
   params[:table] ||= params[:form_name]
-# Just show menu
-#  return show if params[:action] == 'show'
-  return login if params[:id].in?(%w(login logout))
-# request shouldn't pass
-  if session[:user_roles].nil? or params[:table].to_s.strip.downcase.size < 3 or 
-     !dc_user_can(DcPermission::CAN_VIEW)
+  # Only show menu
+  return login if params[:id].in?(%w(login logout test))
+  table = params[:table].to_s.strip.downcase
+  set_default_guest_user_role if session[:user_roles].nil?
+  # request shouldn't pass
+  if table != 'dc_memory' and 
+     (table.size < 3 or !dc_user_can(DcPermission::CAN_VIEW))
     return render(action: 'error', locals: { error: t('drgcms.not_authorized')} )
   end
-
   read_drg_cms_form
-  
-# Permissions can be also defined on form
-  if @form.nil?
-    render plain: t('drgcms.form_error')
-#TODO So far only can_view is used. Think about if using other permissions has sense
-  elsif @form['permissions'].nil? or @form['permissions']['can_view'].nil? or
-    dc_user_has_role(@form['permissions']['can_view'])
-# Extend class with methods defined in drgcms_controls module. May include embedded forms therefor ; => _ 
-    controls_string = (@form['controls'] ? @form['controls'] : params[:table].gsub(';','_')) + '_control'
-    controls = "DrgcmsControls::#{controls_string.classify}".constantize rescue nil
-# version next
-    if controls.nil?
-      controls_string = "#{@form['controls'] || params[:table].gsub(';','_')}_control"
-      controls = "#{controls_string.classify}".constantize rescue nil
-    end
-    extend controls if controls 
+  return render( plain: t('drgcms.form_error') ) if @form.nil?
+
+  # Permissions can be also defined on form
+  #TODO So far only can_view is used. Think about if using other permissions has sense
+  can_view = @form.dig('permissions','can_view')
+  if can_view.nil? or dc_user_has_role(can_view)
+    extend_with_control_module
   else
     render(action: 'error', locals: { error: t('drgcms.not_authorized')} )
   end  
@@ -728,8 +735,9 @@ def callback_method(key) #:nodoc:
   cb = case
     when params['data'] && params['data'][data_key] then params['data'][data_key]
 # if dc_ + key method is present in model then it will be called automatically     
+    when @form['form'][key] then @form['form'][key]
     when respond_to?('dc_' + key) then 'dc_' + key
-    when params[key] then params[key]
+    when params[data_key] then params[data_key]
     else nil
   end
 #  
@@ -769,6 +777,8 @@ def process_return_to(return_to)
     when return_to == 'index' then return index
     when return_to.match(/parent\.reload/i) then 'parent.location.href=parent.location.href;'
     when return_to.match(/reload/i) then 'location.href=location.href;'
+    when return_to.match(/close/i) then 'window.close();'
+    when return_to.match(/none/i) then return
     else "location.href='#{return_to}'"
   end
   render html: js_tag(script).html_safe, layout: false
@@ -801,18 +811,16 @@ def save_data
 #
   form_fields.each do |v|
     session[:form_processing] = v['name'] # for debuging
-    next if v['type'].nil? or
+    next if v['type'].nil? or v['name'].nil? or
             v['type'].match('embedded') or # don't wipe embedded types
             (params[:edit_only] and params[:edit_only] != v['name']) or # otherwise other fields would be wiped
             v['readonly'] or # fields with readonly option don't return value and would be wiped
-            !@record.respond_to?(v['name']) # there can be temporary fields on the form
+            !@record.respond_to?(v['name']) # there are temporary fields on the form
     # good to know! How to get type of field @record.fields[v['name']].type
     # return value from form field definition
     value = DrgcmsFormFields.const_get(v['type'].camelize).get_data(params, v['name'])
     @record.send("#{v['name']}=", value)
   end
-# 
-  operation = @record.new_record? ? :new : :update
 # controls callback method
   if (m = callback_method('before_save') )
     ret = call_callback_method(m)
@@ -823,11 +831,244 @@ def save_data
   changes = @record.changes
   update_standards() if changes.size > 0  # update only if there has been some changes
   if (saved = @record.save)
+    operation = @record.new_record? ? :new : :update
     save_journal(operation, changes)
 # callback methods
     if (m = callback_method('after_save') ) then call_callback_method(m)  end
   end
   saved
 end
+
+########################################################################
+# Will return comma separated data (field names) as array of symbols. For usage
+# in select_fields and deny_fields
+########################################################################
+def separated_to_symbols(data)
+  data.chomp.split(',').inject([]) {|r,element| r << element.strip.downcase.to_sym }
+end
   
+########################################################################
+# Will process select_fields and deny_fields if specified
+########################################################################
+def process_select_and_deny_fields
+  if @form['result_set']['select_fields']
+    @records = @records.only( separated_to_symbols(@form['result_set']['select_fields']) )
+  end
+# deny fields specified
+  if @form['result_set']['deny_fields']
+    @records = @records.without( separated_to_symbols(@form['result_set']['deny_fields']) )
+  end
+end
+
+########################################################################
+# Will check and set sorting options for current result set. Subroutine of index method.
+########################################################################
+def check_sort_options() #:nodoc:
+  table_name = @tables.first[1]
+  old_sort = session[table_name][:sort].to_s
+  sort, direction = old_sort.split(' ')
+# sort is requested
+  if params['sort']
+    # reverse sort if same selected
+    if params['sort'] == sort
+      direction = (direction == '1') ? '-1' : '1'
+    end
+    direction ||= 1
+    sort = params[:sort]
+    session[table_name][:sort] = "#{params['sort']} #{direction}"
+    session[table_name][:page] = 1
+  end
+  @records.sort( sort => direction.to_i ) if session[table_name][:sort]
+  params['sort'] = nil # otherwise there is problem with other links
+end
+
+########################################################################
+# Set aditional filter options when filter is defined by filter method in control object.
+########################################################################
+def user_filter_options(model) #:nodoc:
+  table_name = @tables.first[1]
+  if session[table_name]
+    DcFilter.get_filter(session[table_name][:filter]) || model
+  else
+    model
+  end
+end
+
+########################################################################
+# Return current sort options for model (table)
+########################################################################
+def user_sort_options(model) #:nodoc:
+  table_name = (model.class == String ? model : model.to_s).underscore
+  return nil unless session[table_name][:sort]
+
+  field, direction = session[table_name][:sort].split(' ')
+  { field.to_sym => direction.to_i }
+end
+
+########################################################################
+# Will set session[table_name][:filter] and save last filter settings to session.
+# subroutine of check_filter_options.
+########################################################################
+def set_session_filter(table_name)
+  # models that can not be filtered (for now)
+  return if %w(dc_temp dc_memory).include?(params[:table])
+  # clear filter 
+  if params[:filter] == 'off' 
+    session[table_name][:filter] = nil
+    return
+  end
+  # field_name should exist on set filter condition
+  return if params[:filter_oper] && params[:filter_field].blank?
+
+  filter_value = if params[:filter_value].nil?
+# NIL indicates that no filtering is needed        
+    '#NIL'
+  else     
+    if params[:filter_value].class == String and params[:filter_value][0] == '@'
+# Internal value. Remove leading @ and evaluate expression
+      expression = DcInternals.get(params[:filter_value])
+      eval(expression) rescue nil
+    else
+# No filter when empty      
+      params[:filter_value] == '' ? '#NIL' : params[:filter_value] 
+    end
+  end
+# if filter field parameter is omitted then just set filter value
+  session[table_name][:filter] =
+  if params[:filter_field].nil?
+    saved = YAML.load(session[table_name][:filter])
+    saved['value'] = filter_value
+    saved.to_yaml
+  else 
+# As field defined. Split name and alternative input field
+    field = if params[:filter_field].match(' as ')
+      params[:filter_input] = params[:filter_field].split(' as ').last.strip
+      params[:filter_field].split(' as ').first.strip
+    else
+      params[:filter_field]
+    end
+#    
+    {'field'     => field, 
+     'operation' => params[:filter_oper], 
+     'value'     => filter_value,
+     'input'     => params[:filter_input],
+     'table'     => table_name }.to_yaml
+  end
+# must be. Otherwise kaminari includes parameter on paging
+   params[:filter]        = nil 
+   params[:filter_id]     = nil 
+   params[:filter_oper]   = nil  
+   params[:filter_input]  = nil 
+   params[:filter_field]  = nil 
+end
+
+########################################################################
+# Will check and set current filter options for result set. Subroutine of index method.
+########################################################################
+def check_filter_options() #:nodoc:
+  table_name = @tables.first[1]
+  model      = @tables.first[0]
+  session[table_name] ||= {}
+# process page
+  session[table_name][:page] = params[:page] if params[:page]
+# new filter is applied
+  if params[:filter]
+    set_session_filter(table_name)
+    session[table_name][:page] = 1
+  end
+# if data model has field dc_site_id ensure that only documents which belong to the site are selected.
+  site_id = dc_get_site._id if dc_get_site
+# dont't filter site if no dc_site_id field or user is ADMIN
+  site_id = nil if !model.method_defined?('dc_site_id') or dc_user_can(DcPermission::CAN_ADMIN)
+  site_id = nil if session[table_name][:filter].to_s.match('dc_site_id')
+#  
+  if @records = DcFilter.get_filter(session[table_name][:filter])
+    @records = @records.and(dc_site_id: site_id) if site_id
+  else
+    @records = if site_id
+      model.where(dc_site_id: site_id)
+    else
+      model
+    end
+  end
+# select only fields or deny fields specified
+  process_select_and_deny_fields
+# pagination if required
+  per_page = (@form['result_set']['per_page'] || 30).to_i
+  @records = @records.page(session[table_name][:page]).per(per_page) if per_page > 0
+end
+
+########################################################################
+# Process index action for normal collections.
+########################################################################
+def process_collections #:nodoc
+# If result_set is not defined on form, then it will fail. :return_to should know where to go
+  if @form['result_set'].nil?
+    process_return_to(params[:return_to] || 'reload') 
+    return true
+  end
+# for now enable only filtering of top level documents
+  if @tables.size == 1 
+    check_filter_options()
+    check_sort_options()
+  end  
+# result set is defined by filter method in control object
+  form_filter = @form['result_set']['filter']
+  if form_filter
+    if respond_to?(form_filter)
+      @records = send(form_filter)
+# something went wrong. flash[] should have explanation.
+      if @records.class == FalseClass
+        @records = []
+        render(action: :index)
+        return true
+      end
+      process_select_and_deny_fields           
+# pagination but only if not already set
+      unless (@form['table'] == 'dc_memory' or @records.options[:limit])
+        per_page = (@form['result_set']['per_page'] || 30).to_i
+        @records = @records.page(params[:page]).per(per_page) if per_page > 0
+      end
+    elsif form_filter != 'dc_filter'
+      Rails.logger.error "Error: result_set:filter: #{@form['result_set']['filter']} not found in controls!"
+    end
+  else
+    if @tables.size > 1 
+      rec = @tables.first[0].find(@ids.first)          # top most document.id
+      1.upto(@tables.size - 2) { |i| rec = rec.send(@tables[i][1].pluralize).find(@ids[i]) }  # find embedded childrens by ids
+# TO DO. When field name is different then pluralized class name. Not working yet.
+      embedded_field_name = @tables.last[0] ? @tables.last[1].pluralize : @tables.last[1]
+      @records = rec.send(embedded_field_name)   # current embedded set
+# sort by order if order field is present in model
+      if @tables.last[1].classify.constantize.respond_to?(:order)
+        @records = @records.order_by('order asc')
+      end
+    end
+  end
+  false
+end
+
+########################################################################
+# Process index action for in memory data.
+########################################################################
+def process_in_memory #:nodoc
+  @records = []
+  # result set is defined by filter method in control object
+  if (method = @form['result_set']['filter'])
+    send(method) if respond_to?(method)    
+  end
+  # result set is defined by class method
+  if (klass_method = @form['result_set']['filter_method'])
+    _klass, method = klass_method.split('.')
+    klass = _klass.classify.constantize
+    @records = klass.send(method) if klass.respond_to?(method)
+  end
+  # ensure that record has id field
+  if @records.size > 0
+    raise "Exception: id field must be set in dc_memory record!" unless @records.first.id
+  end
+  false
+end
+
+
 end